Posted
by
michael
on Friday April 26, 2002 @02:41PM
from the prior-proper-planning-protects-privacy dept.

Last week we noted that Senator Hollings had introduced a privacy bill and that there were likely to be more introduced. Now Salon has a piece critical of Hollings' bill. EPIC wrote about it as well, and they seem to think it's not too bad, all things considered. Read Hollings' bill yourself and decide who's right. Also of note is a bill introduced in the House that would require all Federal agencies to prepare privacy impact statements (the ACLU has a summary) akin to the environmental impact statements now required for actions adversely affecting the environment. Seems like a good idea to me.

This is absolutely outrageous, I do hope someone takes this up with the state court system so that it can be overturned. It is a disturbing time we live in when people consider the right to be suspicious more important than the personal rights as citizens. It seems our government has forgotten so quickly the times when we were under the rule of britain and fought for our freedom from these self same violations.

IMHO, this is exactly analogous to what is going to start happening in our computers if the good Senator's bill is passed.

Actually the supreme court has ruled many times that these amendments guarrentee a reasonable right to privacy (reasonable giving the government the right to revoke said rights if a search warrent can be obtained, or other such documents which produce the claim that there is a high probability that illegal activities could be occuring).

Yes the amendments quoted are vauge, they were left intentionally vauge by the founding fathers because they understood the need for extensibility beyond the adding of an amendment to the constitution. The supreme court has often used the "elastic amendments" to rule for things which seem intuitive rights, but which are not as of yet, provided for in the current government. The fact that they are not amendments does not make them any less important.

Yes it would be nice to have an amendment which protects our privacy, but I doubt such a thing will happen anytime in the near future. Amendments are not added on a whim, they take time, and often (unfortunatly) suffering. Our privacy is just beginning to be truly broken, and it will take some large transgressions before an amendment will be considered, as well as a different world climate. I am afraid many of our national leaders would fear that an amendment for privacy would be seen as pro-terrorist. It's a shame that everything we see this days is cast in that light.

(c) NONSENSITIVE PERSONALLY IDENTIFIABLE INFORMATION REQUIRES ROBUST NOTICE AND OPT-OUT CONSENT- An internet service provider, online service provider, or operator of a commercial website may not--

(1) collect personally identifiable information not described in subsection (b) online, or(2) disclose or otherwise use such information collected online, from a user of that service or website.

---end quote

Salon's article does sem a bit overly critical. This bill is a necessary piece of legislation. Sure some would like to see it even stricter(prohibiting any spyware style market research), but as it is it prohibits companies from collecting sensitive information and also from collecting information which is non-sensitve but could potentially be used to identify you.

The Salon article implies that the bill will allow companies to collect all sorts of non-sensitive personal information and use it to build a complete profile of you, including the stuff that can't be directly collected due to it's sensitivity. This just isn't true.

(a) IN GENERAL- Section 102 does not apply to the collection, disclosure, or use by an internet service provider, online service provider, or operator of a commercial website of information about a user of that service or website necessary--
[snip exceptions 1 & 2]
(3) to provide other products and services integrally related to the transaction, service, product, or arrangement for which the user provided the information.

It's not only the definition of integral that opens a loophole, but also the notion of consent. Does a EULA provide consent? Further more notice that it requires you to OPT-OUT! Why should I be required to opt-out of something I am not interested in? Shouldn't I be asked to opt in? How would you like it if you were sent letters from tons of magazines every month saying "You have been added to our subscription list, please send an opt-out notice to our address to remove yourself, otherwise a charge of $21.99 will be billed to your credit card company as payment for services rendered".

Perhaps we should implement a system whereby any company requiring us to opt-out is also required to pay us for the time spent opting out. Even assuming a low baseline salary for computer professionals of $50,000 a year, thats $24/hour spent. If I spend 15 minutes reading the agreement, and writing the e-mail, that's still a good $6 that they owe me for the time they have stolen from my day.

"You have been added to our subscription list, please send an opt-out notice to our address to remove yourself, otherwise a charge of $21.99 will be billed to your credit card company as payment for services rendered".

(IANAL) I agree with your feelings on the matter, but there is a distinction, at least insofar as will be perceived by our lawmakers.

(Miko goes into lecture mode, pretending to be the guy in "Paper Chase") A contract requires a specific offer and a pro-active acceptance. A contract also requires consideration on all sides, i.e. everyone involved must get something theoretically of value. (That's why you hear about all those contracts in which someone gets one dollar. That one stinking dollar is the "consideration" received by one of the parties.) The scenario you describe wouldn't be a contract, because you did nothing to initiate the magazine subscription. However, an ISP can currently sell your name and other information and you aren't a party to that contract. You may feel like you're paying something out (your privacy) but that isn't currently recognized as something of consideration.

Furthermore, you can already establish a contract in which the ISP cannot sell your name and number. The problem is that most people don't know/care to do that and the contracts never mention the issue. Even if you tried to do so, most ISPs would simply look at you funny and keep smacking their gum. Ergo, in most real-world situations, the ISP has the right to sell your name because nothing in the contract said they couldn't. However, contracts are not entirely governed by their content. No contract in the world covers every possibility (Clause 182,383,282: Alien Invasions). That's why we have something called the Uniform Commercial Code. The UCC, among other things, sets the defaults for how contracts are interpreted. For example, if you offer to sell someone your car at a specific price (you have to set a specific price) but you don't tell them how long the offer is good, then they have a "reasonable" amount of time to accept. If you're wondering what's "reasonable", so have a lot of judges. One day is definitely reasonable. One year isn't. Now, back to the Hollings bill. What the Hollings bill does (theoretically) is establish some of those clauses that aren't explicitly covered in your contract with the ISP. The bill says, in effect, that unless the contract says otherwise, the ISP can sell your information, but if you tell them not to, they can't. Also, the ISP has to make it clear to you that if they intend to sell your info.

What you describe is similar to the methods of telemarketers today - although their tactics are really an "opt-in" they try to sell it fast as an opt-out.

You've heard the talk -

"We're going to send you X free and all you have to do is look it over for FREE for 30 days and if you don't like it you can just call and cancel. All I need to do is verify your address, do you still live at 123 Main Street blah blah blah"

They try to use aggressive tactics to get you to opt-in to an opt-out subscription.

But at least you have the option of saying "NO YOU FUX0R, leave me alone."

Unlike the OPT-OUT availability here. Which will quickly be abused to subscribe you to paying services that are FREE for the first 30 days and if you continue...

Actually there is a very concrete and inarguable definition for integral:

(in'ti-gr&l) Mathematics a. A number computed by a limiting process in which the domain of a function, often an interval or planar region, is divided into arbitrarily small units, the value of the function at a point in each unit is multiplied by the linear or areal measurement of that unit, and all such products are summed. b. A definite integral. c. An indefinite integral.

One reason I dislike the bill is because I am not sure what they really mean by robust notice. If the salon article is right, the small bit they had in the kazaa liscense about BDE could count as robust notice.

Another reason I dislike the bill is because it requires opt-out. While this is better than nothing being required, it is easy to hide the option to opt out or to put the access to the option to opt out somewhere you can't access till you have allready registered. I don't want anybody selling my personal information before they've even given me a chance to opt out.

With those two thing, the bill unsettles me. Why can't it require things to be opt in? If a website had something clear that said "If you give us consent to collect and sell your personal information, check this box" I would have no qualms. In that case, you know both that the user does consent and that if you do not consent, then you won't be shafted.

While stuff like this should be regulated, it should not be under these terms.

On principle, I prefer opt-in, and I think respectable websites choose this approach.

But as far as legislation goes, you have to be pretty careful making opt-in the only legal method. If you have a server that collects standard logs, which contain which ip address requested which file, then you're collecting non-sensitive identification without your users "opting-in". A judge may choose to redefine loading a website as opting-in to that particular server, but then what about images or ads served from a different server than the hosting site? It's a complex enough issue just to avoid making everyday things that really don't bother many people illegal.

Perhaps, but the timing is supsect. And this may be slightly off topic, but what I see here is a poker chip Hollings can use to get his other bill passed. A few people really interested in seeing this thing become law, but that aren't too crazy about the CBDTPA, may be persuaded to compromise.

> And this may be slightly off topic, but what I see here is a poker chip Hollings can use to get his other bill passed. A few people really interested in seeing this thing become law, but that aren't too crazy about the CBDTPA, may be persuaded to compromise.

Interesting. Maybe I'm wearing tinfoil, but I see it as a missing piece of the CBDTPA puzzle.

I travelled into the future, in which President Hollings passed CBDTPA and this privacy bill by executive order, and brought back the following opt-out notice. Due to a mixup involving a cup of really hot tea and a hyperbogonic matter converter, all the legal obfuscations were accidentally translated, not just into plain English, but into truthful statements:

The fact that we're AOL/TW (part of the Content Cartel), and Eisner offered us $100 per name for a qualified list of 'people who have an interest in downloading movies' based on our logs of traffic over P2P networks or USENET', and that subpoena you got last week is merely a coincidence.

If you don't like the way we do business, you can take your business elsewhere, such as MSN. This will, of course, keep Valenti off your back, but will do nothing to stop the BSA (funded by Microsoft) from purchasing a targeted list of 'people likely to be interested in receiving information about software licensing' based on MSN's recent broadcast of packets and analysis of TCP/IP sequence numbers, cross-linking subscriber machines that appear to be running Windows, but who don't appear in Microsoft's customer list. This, too, is a meaningless coincidence.

You may also consider taking your business to Earthlink, but some who do will be getting some very strange marketing materials, given the nature of the company that's continually seeking qualified leads for 'internet users with an interest in expensive sci-fi religions involving Galactic Emperors named Xenu, and/or any customers interested in eating clams at beachfront social gatherings.'

Yes, our software will upload the entire contents of the user's brain onto our servers, where we can scan through it and analyze it for marketing vulnerabilities. Privacy impact? Uhhh, NONE. We will never (snigger) share this information with anyone (sotto voice: who doesn't pay) so there is no privacy impact whatsoever!

I trust corporations who are intent on invading my privacy to prepare a proper privacy impact statement like I trust burglars to lock up after they are done.

I think Hollings is actually a visionary! He realizes that the high-tech industry can bring a lot of jobs and money into a state, and South Carolina's not really one of the hot geek destinations right now.

So, he's decided that if he can sponsor enough loony internet-related bills, he'll rile up enough geeks to move to South Carolina for the sole purpose of voting him out of office. Once they're settled there, they'll figure they might as well get jobs and some entreprenurial-minded individuals will start businesses that will eventually boost the economy of the state!

I have to admit, it's a brilliant plan from a brilliant senator, whose love of his state far outweighs petty concerns like hundreds of thousands of dollars in lobbyist contributions.

From the Epic site: Hewlett Packard urged inclusion of a safe harbor provision in the Act to insulate companies from enforcement if they are members of a certified seal program such as BBBOnline or TrustE.

The resourceful team at the Subversive Intellectual Society [subintsoc.net] managed to dig up a whole series of confidential letters [subintsoc.net] sent to people like David Koresh, Ted Kaczynski, Elian Gonzalez, and others, by various government agencies.

Maybe they'll dig up Senator "SSSCA" Hollings' tax returns next. Or his CD or video purchases...I'd love to see those...

I have just concluded a conference call with the nation's Bribe-recieving robots to let them know what I'm about to share with the people of Seattle. I might add, I also wanted to commend them for their work in improving and strengthening homeland security since WTO. We've been in frequent communication with the Bribe-recieving robots and I think their work to date has reflected the kind of relationship between the federal and the state and local government that we need to make a permanent part of our homeland security defense.

Over the last several days, our Los Alamos National Laboratories and Department of Anal Retention have seen an increased volume and level of activity involving semaphores of terrorist attacks. The information we have does not point to any specific target either in Seattle or abroad, and it does not outline any specific type of attack. However, the analysts who review this information believe the quantity and level of semaphores are above the norm and have reached a threshold where we should once again place the public on general alert, just as we have done on two previous occasions since WTO.

During his address on homeland security, Fidel Castro promised the people of Seattle that when we have evidence of credible semaphores we will issue appropriate alerts. That is exactly what we are doing here today.

Fidel Castro also reminded all of us that a terrorism alert is not a signal to stop your life, it is a call to be stoned, to know that your government is on high alert and to add your eyes and your ears to our efforts to find and stop Lobbyists.

Our government is taking precautions. This afternoon the EFF is issuing a terrorist threat advisory update to all Anarchists across the country through the National Law Enforcement Telecommunications System. All Anarchists have been instructed to stay on the highest alert and to immediately notify the EFF of any unusual or suspicious activity.

The semaphores we are picking up are very generic. They warn of more attacks, but are not specific about where or what type. It could be a nuking, or a bombing, or even a sniping. We do know that the next several weeks, which bring Halloween and important religious observances in other faiths, have been times when Lobbyists have planned attacks in the past.

One example is December of 1999. Authorities in USA, Japan and Bangladesh uncovered and prevented plans for a series of attacks related to the Battle of Bunker Hill. Those plans were thwarted when intelligence learned about them and law enforcement arrested the suspected Lobbyists.

Now, obviously, the further removed we get from WTO, I think the natural tendency is to let down our guard. Unfortunately, we cannot do that.

We are a nation at war. We are the targets of Lobbyists who have demonstrated they have no remorse about killing thousands of innocent Bacteria. The government will continue to do everything we can to find and stop those who seek to harm us, but I believe we owe it to the people of Seattle to remind them that they must be stoned as well.

I also know the very first question the people of Seattle will ask -- "So, Barney, besides being stoned, what else should my family and I do?"

The answer is you should report any suspicious activity or behavior to your Bribe-recieving robots and, perhaps as importantly, you should heed the words of Fidel Castro who has called on all of us to rely on our good judgment and our common sense, and to continue to live in a spirit of courage and optimism and resolve to defeat the Lobbyists.

What bothers me most is that I think he will pass his bill, given that he can market it under false pretenses to both sides. By far the most disturbing part of this proposed bill however, is what they deem "nonsensitive information", namely my name, address, and shopping/surfing habits.

Don't be fooled, your name and address are two of the most sensitive peices of information you posses! In the hands of malicious people, it can simply be taken down to the DMV to bring up your file, and the unfortunate state of things is that most people list their social security number as their drivers ID (I changed mine to an anonymous number after taking a class in privacy, when we learned about the growing number of cases of identity theft). The fact of the matter is, I don't want people to have access to this sort of thing unless I give them it expressly. I also don't want information on my shopping and surfing habits getting released as it leads to phone soclicitations, as well as spam. What happened to the rights of the consumer? Why does congress allow bribes to give corperations the upper hand?

The world is changing rapidly, and our time is increasingly sucked away by meaningless adds. My parents can still remember a time not so long ago when junk mail was practically unheard of. Now we are saturated with it.

I think we ought to push for a bill which affords us a form of personal protection akin to the laws against tresspassing. In my opinion all cookies, spyware, etc that are installed on a computer without express permission from the user (EULA's are no good as no one reads them, and besides, we would be outraged if everyday were provided with a huge list of random comments, buried within which was a grant to tresspass on our property if we exit our house), should subject their makers to a fine. As a computer professional, my machines are a place I spend a considerable ammount of time, and I have a right to not have others intrude on my privacy.

As a final point, I realize that you can disable cookies, and most spyware, but it is ridiculous to assume that this makes them all right. Many people do not know how to do so, and above all else, we should never have to arm our computers with defenses just to preserve our rights. That is analogous to requiring everyone to bring a body guard when they left the house, or it would be legal to mug them.

*steps off of soapbox*, Sorry my wife is an IP lawyer and deals with this stuff everyday. We need more computing professionals in the government and law.

I also don't want information on my shopping and surfing habits getting released as it leads to phone solicitations

Just a little tidbit I picked up a long time ago (probably on this site), phone solicitation companies are required by the FCC to keep a do-not-call list (different from saying "remove me from your calling list", because they can't reacquire and reuse your name and number) and are required to add you to it at your request. If they call thereafter or claim they don't have such a list you are entitled something like $500 and/or a lawsuit. I've been told they're also legally barred from calling cell phone numbers so I just put in my cell number in all forms I fill out online. I hardly ever get soliciting calls any more and my cell has never gotten one.

Oh sure, they're required to use a DNC list, but once your name/number gets distributed to the wild, it's all over.

As a case in point, yesterday I received 10 phone calls between 11:45am and 12:45pm. One was from a friend, two were from sales/marketroids that hung up on me when I asked them to identify (politely) who they were and what company they were representing, and the other seven were those goddamn annoying automated systems, that hung up on connecting. While this is (slightly) heavier than normal for my residential line, how do you get DNC'd when you can't identify who's calling or just get hung up on? Caller ID is no good, %90 of all telemarketing/sales calls I get are "out of area" probably due to their switching system. I've asked our local telephone company if there was anything that could be done (repeatedly, still trying to find someone who knows what they're doing), and have been told in every instance that there's nothing they can do.

I'm not going to give up, if you don't complain / do something about your situation, it's never going to get any better, but in my experience, DNC lists and almost anything that requires you to opt-out is almost utterly useless. If anyone's interested, the FCC's factsheet that you were referencing on what little can be done about unsolicited phone calls / telemarketing can be found here [fcc.gov].

And please, please, don't say that there's never a need to fill out personal information anywhere. The real world just doesn't work like that, although I lie on everything I possibly can.

I don't know. I think Fritz Hollings [disney.com] should be linked to his true dark master, rather than a merely obscene site. Perhaps we could even link Disney [senate.gov] to Fritz Hollings [disney.com] to complete the loop. Why not truly make him the senator from Disney [senate.gov]?

wanting free rides in our use of purchased media, complaining vigorously about the perceived lost dollars the legitamit exercise of personal use costs them... these people are now turning around and wanting a free-ride with my personal data?

I think not. Let me take the time to personally assure any politicians who happen to read Slashdot that a their support for this kind of initiative wil gurantee them my lost support, regardless of party, in their next bid for re-election.

My only problem with this is that the decision of what to make opt-in and opt-out is truely subjective. One person might consider their purchase history to be sensitive data, while another might think their medical history is not.

I know it's not a cut and dried issue, but I still feel that complete opt-in is the best way.

My biggest problem with the bill is that it will further enhance the corporatization of the web. Imagine if slashdot had to comply with these rules when it first started out. The access rules alone would be a nightmare (imagine sorting through gigs and gigs of server logs to find all the instances of one person's IP address, printing them out, and mailing them, all for $3). Add the cost of defending litigation, and hiring lawyers just to ensure compliance, and quite simply, slashdot would not have existed.

It would be kind of neat to be able to request from companies all the information they have about me, but this is something that should be optional, not mandatory. The government should set up a certification program, similar to truste, and offer it to those who have the resources to comply. Then the user can decide for him/herself whether they want to go to a certified site or not.

These 'privacy statements' sound like the requirement that the EU's Directive on Data Protection (enacted under UK law as the Data Protection Act [hmso.gov.uk]) imposes on organisations, governmental, corporate or otherwise, to have a publically available privacy statement (amongst other items, such as rapid access to all information held by an organisation on request for a 'reasonable' handling fee, and so on).

I just don't get it. I may be asking to get modded down for saying this on slashdot, but it's worth a shot.

I mean, we geeks are virtually (heck, actually!) the only people in the world who appreciate privacy. Obviously, the smarter, more connected, more civilized one is, etc., the more use one gets out of privacy.

Now I understand that the senator in question does not have what we would call a good "track record" with respect to the individual Rights that make this country good (let's face it, he's a stinker). But when it comes right down to it, I'm inclined to call a spade a spade, and not look a gift horse in the mouth.

IANAL but, IIRC, support of this bill or legislation or what have you does not lock us in to future or past legislation, though they may all be by the same guy! Yes, in the past I would have been in favor of opposing him and not reelecting him, but the fact is, if it walks like a duck...

I say, support Privacy, support this Bill and the Constitution. To the Death, as our forefathers would have.

We will send him, and all others like him, a powerful message: shape up or ship out. But the key is, we are giving him the option to make good on his pledge to the People. And second chances, my friends, is what America is all about.

The only problem is that the proposed bill will not support privacy. It significantly hurts the "way things should be".

the "Way Things Should Be(tm)":

companies may not collect any of my information without my explicit, non-clickthrough authorization. They may not store longer than a week, resell, retransmit, redistribute, or publish my information without my explicit,non-clickthrough authorization, and only then for the purpose to complete the service I requested of them, for the limited period of time I specify.

It's my information. My Privacy.

This bill says that only my "personally identifyable" information is mine. But I'm REQUIRED to give that for the right to drive, or to get social security, or to get a credit card, or even a loan to buy a house.

From there that information can be correlated to other things to find out if I drink, or like kinky sex, or vote Republican. People, Companies, and even worse my Government can then use that to persecute me.

The CDBTA(sp?) was his second chance. His first was the
Communications Decency Act [epic.org] (see
here [senate.gov]), a bill so restrictive that it was struck down by the supreme court.
Trust me, this guy is never going to repent and see the error of his ways or other some romantic BS. He needs to leave, now.

Think about it. All this means is that some bureaucratic review board or administrative judge is going to decide what is "private" and what is not. Composed of ex-CEO's and board members of akamai, double-click, etc. etc. and token activist times. Maybe Joan Claybrook or Esther Dyson. Whoopee. Naturally, they'll need a budget for staff, office space, administrative overhead, etc.

It won't Sen. Hollings and his colleagues; they'll be off the hook, free to posture, grandstand, and milk the situation for new "here's what I did for privacy" bills "cracking down" on some privacy violations while legitimizing others. And certainly not you, who will be dragged down to the lowest common denominator of what's acceptable, whether it actually works, or serves as veiled protection and license for data-mining and police-state surveillance interests, as is likely to happen, if past performance of these kinds of mechanisms is any indication.

We're better off with no govt. protection here, and people should start taking far better care of their own privacy themselves. They're fucked if they don't, regardless.

I guess everyone is forgetting all the crappy environmental laws and reviews that killed good projects while entrenching bad ones. Collective amnesia? Or is everyone just willing to pretend because "it's good for Mother Earth". Or so is the claim.

No, this is just yet another example of Congress passing the buck and shifting the blame in a hypocritical and self-serving manner. Fuck the dumb shit. Vote against Hollings and his kind next election.

Sen. Hollings (likewise his secret masters at Disney) may not be my favorite legislator, and he may sponsor a lot of bills which I do not like, but this is a good law. The things that Salon complains about the bill "legitimising" are already 100% legal, unfortunately. While the bill is too weak, I will say this: it is not true that weak provisions make stronger provisions unlikely by assuaging the fears of the sheep-like masses, instead, they shift the social pendulum to make stronger measures more feasible in the future. I support half-measures 100% - yes, this makes me a liberal.

Now that Sen. Hollings has sponsored a piece of good legislation - I'm not a lawyer but I trust EPIC to know totally fake privacy legislation when they see it - he deserves credit for doing the right thing, not continued vilification for the mistakes he's made in the past. Classifying him (or Disney, for that matter) as our Eternal Foe just because he (foolishly, ignorantly) sought to curtail our rights on one occasion is not the way to go. I, personally, know a lot of fine, upstanding people who work in the Movies (none actually at Disney, but hey, if Pat Robertson hate them that much they can't be all bad), some of whom even supported the CBDTPA, and lumping them in with Hitler as people with whom any dialogue is "appeasement" is neither productive nor justified.

The past?? I hope you realize that the CBDTPA is not a dead issue - it's very much in the present, and will likely be in the future. Unless you have some secret memo from him showing that he's changed his mind?

Yes, so I did. I support half-measures, but not counter-measures. EPIC fell for it to, for that matter, unless they were complacent in all this. EPIC just lost a great deal of my respect (only the EFF can be trusted? Everyone else is a fool or a corporate tool? Sad, sad world.)

Nevertheless, my overall point remained valid. if he *did* sponsor a good piece of legislation he would deserve credit for it. You can't make inroads towards productive dialogue with someone if, when they do something right (which many people think/thought that he had) all you do is shout louder about the things that they're doing which you don't like.

Most of the focus on discussion I have seen so far has been addressing the "non-sensitive" information, and how this bill will open the flood gates to allow companies to collect and share it on a massive scale.

I think this is a huge problem, BUT - doesn't anyone else see the problem with how "sensitive" data is defined in this bill?

Sensitive data can only be collected or shared on an opt-in basis. Sounds good, but isn't medical information (one of the "sensitive" items) protected more highly by the HIPPA acts? Won't this act undo everything HIPPA did to help protect medical records? All it takes is one hidden or weasle worked opt-in box to release all your medical information. Or finantial information. Once out there, it can be sold. Then it's gone for good - opting out at that point won't do any good.

We need to raise a huge stink about how trivially this bill handles critical private information - medical, finantial and other records.

Lawrence Lessig [slashdot.org], in his book "Code", points out that the trend in the commodification of the web is for our personal information to be traded and sold by companies without our consent, and meanwhile for corporate "intellectual property" to be protected from unauthorized use with the full force of code and law.

Lessig argues that these situations should be exactly reversed. Personal info should be treated as property owned by us; anyone who takes it without our consent should be subject to lawsuit or criminal charges, and if we choose to allow it to get bought & sold, we should get a cut of the proceeds. It's our data, after all. But for other types of data that doesn't identify any individual, including copywrighted works, there should be mechanisms that allow us fair use to use them and share them as we will, without actually overstepping our rights under copyright law. As it is, as we all know, our rights under copyright are being eroded by encryption and the DMCA. We should have that kind of infrastructure (*and* law) protecting our personal data that the RIAA wants to have protecting their work.

Huh? You argue against the DMCA, but it is arguments like the one above that are used to support the DMCA and similar efforts at censorship. There have to be better ways to protect privacy than "intellectual property" arguments.

Huh? You argue against the DMCA, but it is arguments like the one above that are used to support the DMCA and similar efforts at censorship. There have to be better ways to protect privacy than "intellectual property" arguments.

You misunderstand, good Coward. I think it may be possible and indeed possibly even desirable to define all personal identifying information about a person as properly belonging under that person's control, in a similar fashion that we consider a person's property to be under their control. Hollywood wants us to see creative works as "intellectual property", and they are wrong. But perhaps a property metaphor may prove useful as we attempt to navigate a way of allowing individuals control over who knows what about them.

It looks as though this second bill (dealing with the creation of privacy impact analyses) would do little more than increase the mountains of paperwork required for the creation of new laws. So, the law would require agencies to create these reports, and then release "to the public." How on earth would this help _anything at all_? The public can read laws now, we can decide whether or not the law limits our privacy--and then we can protest if see fit. Its not as though the law will provide a new means whereby to protest, it's just making lawmakers butcher a few hundred more trees every year to help build the image of some Georgia senator.

The only possible use I could see for these 'privacy impact reports' is in the press, where such documents would provide easily quotable material. But is that really enough reason to add to the crippling bureaucracy already in place?

Well, Hollings is known for being pro-business. If you live in SC vote him out!

His bill would require an opt-in for all information that is already protected and an opt-out for the information that needs protecting. Opt out has never worked. For every opt-out email you send, ten more companies add you to their list.

About the only way an opt-out strategy would give us the protection that we want is to make a central opt-out repository. If you're listed there then you want your information out of ALL information warehouses.

Yeap, Good ol' boy Hollings. One of the best politicians that money can buy.

I wonder if this bill will preempt the state's rights to pass stronder bills. If so this could, in the long run, resuilt in less privacy. Right now many of your local legislators are writing very strong privacy protectin bills, but a federal bill will at the least put the breaks on state efforts and at the worst over ride state laws with weaker federal protection. This bill may be better than we have now, but any holes in it could give away your privacy for a very long time. I wonder how the marketoids feel about this bill?

We [ccianet.org] have prepared a section by section analysis of the bill that can be found here [ccianet.org]. Also you can read,a href="http://www.ccianet.org/press/02/0418.php3"&g t;our press release opposing the bill.

I must admit I am a little mystified about the process of lawmaking in the USA. My main point of confusion is the way representatives attach 'riders' to bills before the houses, in such a way as to bring about either the opposite of what is originally intended, or bring into law a ruling on a completely unrelated topic. The Online Personal Privacy Act might mysteriously become the Online Personal Privacy, Coffee minimum caffeine content, and parking ticket fine enforcement act. It's a wonder that you guys ever get any sensible legislation through when you have to search through virtually all legislation out there to find potential threats to your privacy.

Take for instance, this bill [eff.org] (Sorry, this is a remarkably long page) which is allegedly on Banruptcy reform, but which has attached to it, the Methamphetamine Antiproliferation Act of 2000, which to the average non-lawyer european seems an interesting choice of content in a financial bill.

Not to mention the farce surrounding the mandatory installation of internet content filters in schools and libraries attached to a funding bill old news here [eff.org]. I'm sure you can find better examples.

I'm not saying I agree with any of the provisions of the library filters bill. Personally, I'd far rather see no filters, and have parents surf *with* their kids. (Perhaps they will both learn something?). Of course, there are those who would rather damn something than open their minds a little. Unfortunately, the people that have a point to make and are willing to make a loud noise about it, are the people who end up in public office. Common sense is, from an electoral point of view, rather boring.Sex is, after all, just a (rather enjoyable) part of biology.

I read this [sfgate.com] article over at SFgate (was it from a Slashdot link?), and the more I think about it, the more I like it. The key point here is that we need to make one bold, unified statement. The author suggests that the newly formed geekPAC (I assume some members are reading this) needs to focus its efforts on a single politician with whom we disagree. (A list can be found here [kuro5hin.org].)

I have to agree with the author. I have written to my Senators and my representive in the House regarding this legislation, and have heard back from only one of them. They are not noticing us, but they should. We are educated people, we have common goals and concerns, we are a large network of people, and we communicate frequently. We are a part of a grassroots movement. It is time for the politicians to take notice.

While GeekPAC may only be able to act one election at a time, the threat that will speak to them. It may seem like a dirty tactic, but they are trying to steal our fair use rights. We have to fight back.

I disagree. This will make government bigger, less productive and more costly. Worse, it will create the illusion that what they do is okay. That which is intended to limit action becomes a club to justify undesireable behavior. Government is like the flu... [insert snappy punchline here]

If he wants on my good side he can tell me who bought this legislation and how they are directly benefiting from it!

Hypothetical Scenario: Does Disney not need to buy personal information (maybe they collect enough on their own?), so they are going to use it to prevent others from access to such information to prevent them from competing?

I don't claim to know in anyway the above is true, but it would seem possible. I'm certainly not stupid enough to believe that after Mister Hollings publically demonstrates what a whore he is with his so-called Consumer Broadband and Digital Television Promotion Act that he's suddenly interested in protecting the rights of the people of the United States.

If I were in Congress I'd vote against this Bill based on who's the owner of the rock it crawled out from under.

It took all of a week to get my answer. I'd only change one thing... if I were in the Senate I'd punch the scumbag in his mouth.

The legislation itself is unremarkable; it does very little. The biggest loophole seems to be the classification of information as "sensitive" or "non-sensitive".

The political goal is to defuse the hostility of the tech-savvy community, by associating Hollings name with legislation that is superficially reasonable in intent. Judging by the comments on/. , it's working.

I live in a STATE where it is illegal to buy alchohol anywhere on sundays. Not that I have any specific comment about this parent I'm just explaining that your life could be WORSE, You could live in INDIANA.